CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2022-0102
https://notcve.org/view.php?id=CVE-2022-0102
Type confusion in V8 in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una confusión de tipos en V8 en Google Chrome versiones anteriores a 97.0.4692.71, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html https://crbug.com/1260129 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-46152 – Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-46152
Affected application contains a type confusion vulnerability while parsing NEU files. ... La aplicación afectada contiene una vulnerabilidad de confusión de tipos mientras analiza los archivos NEU. • https://cert-portal.siemens.com/productcert/pdf/ssa-609880.pdf https://www.zerodayinitiative.com/advisories/ZDI-22-293 https://www.zerodayinitiative.com/advisories/ZDI-22-294 https://www.zerodayinitiative.com/advisories/ZDI-22-295 https://www.zerodayinitiative.com/advisories/ZDI-22-296 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-23583 – `CHECK`-failures in binary ops in Tensorflow
https://notcve.org/view.php?id=CVE-2022-23583
In that case, calling the templated binary operator for the binary op would receive corrupted data, due to the type confusion involved. If `Tin` and `Tout` don't match the type of data in `out` and `input_*` tensors then `flat<*>` would interpret it wrongly. ... En ese caso, la llamada al operador binario templado para la op binaria recibiría datos corruptos, debido a la confusión de tipos implicada. • https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/cwise_ops_common.h#L88-L137 https://github.com/tensorflow/tensorflow/commit/a7c02f1a9bbc35473969618a09ee5f9f5d3e52d9 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjqc-q9g6-q2j3 • CWE-617: Reachable Assertion CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-23507 – Prototype Pollution
https://notcve.org/view.php?id=CVE-2021-23507
The package object-path-set before 1.0.2 are vulnerable to Prototype Pollution via the setPath method, as it allows an attacker to merge object prototypes into it. *Note:* This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-OBJECTPATHSET-607908 El paquete object-path-set versiones anteriores a 1.0.2, es vulnerable a una Contaminación de Prototipos por medio del método setPath, ya que permite a un atacante fusionar prototipos de objetos en él. *Nota:* Esta vulnerabilidad deriva de una corrección incompleta en https://security.snyk.io/vuln/SNYK-JS-OBJECTPATHSET-607908 • https://github.com/skratchdot/object-path-set/blob/577f5299fed15bb9edd11c940ff3cf0b9f4748d5/index.js%23L8 https://github.com/skratchdot/object-path-set/commit/2d67a714159c4099589b6661fa84e6d2adc31761 https://snyk.io/blog/remediate-javascript-type-confusion-bypassed-input-validation https://snyk.io/vuln/SNYK-JS-OBJECTPATHSET-2388576 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2021-23497 – Prototype Pollution
https://notcve.org/view.php?id=CVE-2021-23497
This affects the package @strikeentco/set before 1.0.2. It allows an attacker to cause a denial of service and may lead to remote code execution. **Note:** This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-STRIKEENTCOSET-1038821 Esto afecta al paquete @strikeentco/set versiones anteriores a 1.0.2. Permite a un atacante causar una denegación de servicio y puede conllevar a una ejecución de código remota. **Nota:** Esta vulnerabilidad deriva de una corrección incompleta en https://security.snyk.io/vuln/SNYK-JS-STRIKEENTCOSET-1038821 • https://github.com/strikeentco/set/commit/b2f942c https://snyk.io/blog/remediate-javascript-type-confusion-bypassed-input-validation https://snyk.io/vuln/SNYK-JS-STRIKEENTCOSET-2385945 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •